Over the past few months, we’ve found multiple reports of nation-state hackers trying to gather more information on COVID-19. We’ve read reports about numerous attempts from various actors targeting the WHO (World Health Organization), China, and other organizations related to combating the pandemic. Some attacks seem to look for information on the pandemic hidden by governments, while others just try to create chaos by attacking healthcare networks or releasing user data from the targeted organization.
In one instance, hackers reportedly tied to the Vietnamese government spear-phished Chinese government offices to gather more information on the COVID-19 outbreak in China. These phishing attempts continue to this day. Threat actors for the Iranian government attempted to break into personal email accounts of the WHO. We don’t know at this time whether they successfully breached any accounts. Last month, the U.S. Health and Human Services Department suffered a network attack. We additionally found collections of emails and passwords from the WHO, CDC, and other medical research organizations circulating on the Internet, but these emails likely come from previous breaches, and the passwords were likely changed long ago.
We hope that information on these groups keeps you aware of the breaches and of what may come next, such as increased COVID-related phishing targeting the public. The security risk of these breaches is that misinformation could be passed down to hospitals and the public through a breached account. COVID-19 studies found in a breach could also cause panic and stock market volatility if attackers release only select portions of a study to sway opinion. We haven’t seen any cases of this, but if you see anything that looks off, it’s always good to double-check with the source. Either check the website directly or, if you have another way to contact the person, check in with them to see if they meant to send it.